CVE-2023-30858
MEDIUM
denosaurs emoji 0.1.0-<0.3.0 - Denial of Service via Inefficient Regular Expression in reTrimSpace
Title source: llm
Description
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/denosaurs/emoji/security/advisories/GHSA-w2xx-hjhp-gx5v
Patch x_refsource_misc
https://github.com/denosaurs/emoji/pull/11
Exploit x_refsource_misc
https://huntr.dev/bounties/444f2255-5085-466f-ba0e-5549fa8846a3/
Scores
CVSS v3
5.3
EPSS
0.0116
EPSS Percentile
63.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1333
Status
published
Products (1)
denosaurs/emoji
0.1.0 - 0.3.0
Published
Apr 28, 2023
Tracked Since
Feb 18, 2026